1 Mar 28, 2008 18:28    

My b2evolution Version: 2.4.x

Hi all,

How can I add an image to a comment?
The comment doesn't allow the tags like when you're composing a new blog so how can I do it?

2 Mar 28, 2008 20:34

I'm sure that this is a security issue.
From formatting.php:

/**
 * set this to true to allow id && style as core attributes for comments
 * WARNING : This would allow spammers to post hidden content in comments
 *           enable it at your own risk !
 */
$comments_allow_css_tweaks = false;

/**
 * DEPRECATED!!!
 *
 * here is a list of the tags that are allowed in the comments.
 * If XHTML validation is disabled all tags not in this list will be filtered out anyway before we do any checking
 */
$comment_allowed_tags = '<p><ul><ol><li><dl><dt><dd><address><blockquote><ins><del><span>
<bdo><br><em><strong><dfn><code><samp><kdb><var><cite><abbr>
<acronym><q><sub><sup><tt><i><b><big><small>';
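
Added example, not part of the original post and not b2evolution's own code: a two-pass comment filter built on the two settings quoted above, showing that a tag allowlist removes `<img>` but leaves `id`/`style` on the tags it keeps, which is the hidden-content risk the warning describes. The function name `filter_comment()`, the kept-attribute list and the sample comment are assumptions made for illustration.

```php
<?php
// Added example, not b2evolution code. The two settings are copied from the
// post above; filter_comment(), $kept_attrs and the sample are hypothetical.
$comments_allow_css_tweaks = false;
$comment_allowed_tags = '<p><ul><ol><li><dl><dt><dd><address><blockquote><ins><del><span>'
    . '<bdo><br><em><strong><dfn><code><samp><kdb><var><cite><abbr>'
    . '<acronym><q><sub><sup><tt><i><b><big><small>';

function filter_comment(string $html, string $allowed_tags, bool $css_tweaks): string
{
    // Pass 1: drop every tag outside the allowlist, <img> included.
    // strip_tags() leaves the attributes of the tags it keeps untouched.
    $html = strip_tags($html, $allowed_tags);

    // Pass 2: parse what is left and remove attributes that are not kept.
    // Assumption: only "title" is kept; id/style are added when tweaks are on.
    $kept_attrs = $css_tweaks ? ['title', 'id', 'style'] : ['title'];

    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence HTML parser warnings
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<body><div>' . $html . '</div></body>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // <div> is not in the allowlist, so the first <div> is our wrapper.
    $root = $doc->getElementsByTagName('div')->item(0);
    foreach ($root->getElementsByTagName('*') as $element) {
        foreach (iterator_to_array($element->attributes) as $attr) {
            if (!in_array(strtolower($attr->name), $kept_attrs, true)) {
                $element->removeAttribute($attr->name);
            }
        }
    }

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample comment: an image plus a span hidden with inline CSS.
$comment = '<p>Nice post <img src="https://example.invalid/pic.jpg" /></p>'
    . '<span id="x1" style="display:none" title="note">hidden text</span>';

echo strip_tags($comment, $comment_allowed_tags), "\n";            // pass 1 only
echo filter_comment($comment, $comment_allowed_tags, false), "\n"; // both passes
```

Comparing the two printed lines shows the difference: after pass 1 alone the span still carries its `style` attribute, while after both passes only `title` remains and the text is no longer hidden.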

3 Mar 28, 2008 20:41

I don't know why when I choose the version at the time of creating the post it always says it's 1.10x.

John,

Thank you for the response and info. I will see what can be done about it.

4 Mar 28, 2008 20:43

There is a hack thing that goes something like this:

<img src="regular_link_to_malicious_web_site.html" />


Or some mechanism by which "they" create a nasty file and save it as ".jpg" but it is obviously not a jpg file but good old IE doesn't know or care so it treats it like an image and it does bad things. I don't understand how evil hackers do that stuff. All I know is not enabling images in comments is a smart move.

5 Mar 28, 2008 20:43

TITSSN wrote:

I don't know why when I choose the version at the time of creating the post it always says it's 1.10x.

John,

Thank you for the response and info. I will see what can be done about it.

It's a nice bug we are already used to :lol: Type it manually if you'd like to :P

6 Mar 28, 2008 20:52

EdB,

I tried that and it didn't work. Besides, I set my account to be the only one that can post this kind of code. All other account/groups have strict restrictions on them.

When I tried that code it gave me an error about illegal img tag.

7 Mar 28, 2008 21:35

Do you mean posting or commenting?

Anyone with posting permission in a blog should be able to include an image in a post, but no one under any circumstances has ever had permission to do an image in a comment. Comments being where malicious surfers might try to do harm yah?